Child pages
  • Grouper rules use case - Veto if not group
Skip to end of metadata
Go to start of metadata

Grouper rules

For a policy group, make sure the subject added to the group is a group, not individuals

GSH example

grouperSession = GrouperSession.startRootSession();
ruleGroup = GroupFinder.findByName(grouperSession, "test:testGroup", true);
AttributeAssign attributeAssign = ruleGroup.getAttributeDelegate().addAttribute(RuleUtils.ruleAttributeDefName()).getAttributeAssign();
AttributeValueDelegate attributeValueDelegate = attributeAssign.getAttributeValueDelegate();
attributeValueDelegate.assignValue(RuleUtils.ruleActAsSubjectSourceIdName(), "g:isa");
attributeValueDelegate.assignValue(RuleUtils.ruleActAsSubjectIdName(), "GrouperSystem");
attributeValueDelegate.assignValue(RuleUtils.ruleCheckTypeName(), RuleCheckType.membershipAdd.name());
attributeValueDelegate.assignValue(RuleUtils.ruleIfConditionElName(), "\${safeSubject.sourceId != 'g:gsa'}");
attributeValueDelegate.assignValue(RuleUtils.ruleThenEnumName(), RuleThenEnum.veto.name());
attributeValueDelegate.assignValue(RuleUtils.ruleThenEnumArg0Name(), "rule.entity.must.be.a.group");
attributeValueDelegate.assignValue(RuleUtils.ruleThenEnumArg1Name(), "Entity must be a group");
String isValidString = attributeValueDelegate.retrieveValueString(RuleUtils.ruleValidName());
if (!GrouperUtil.equals("T", isValidString)) {throw new RuntimeException(isValidString);}   


  • No labels